ALSA: ak4114: Fix wrong register array size

The size of the register cache array is actually 6 instead of 7,
as it caches up to AK4114_REG_INT1_MASK.  This resulted in unexpected
access out of array range, although most of them aren't so serious
(just reading one more byte on the stack at snd_ak4114_create()).

Also, the check of cache size was wrongly done by checking with
sizeof() instead of ARRAY_SIZE().  Fixed this together.

(And yes, hardcoded numbers are bad, but I keep the coding style as is
 for making it clear what this patch actually does.)

Spotted by coverity among several CIDs, e.g. 711621.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
This commit is contained in:
Takashi Iwai 2013-10-29 16:37:11 +01:00
parent 2026d24ef2
commit e12483e0f3
2 changed files with 6 additions and 6 deletions

View File

@ -170,7 +170,7 @@ struct ak4114 {
void * private_data; void * private_data;
unsigned int init: 1; unsigned int init: 1;
spinlock_t lock; spinlock_t lock;
unsigned char regmap[7]; unsigned char regmap[6];
unsigned char txcsb[5]; unsigned char txcsb[5];
struct snd_kcontrol *kctls[AK4114_CONTROLS]; struct snd_kcontrol *kctls[AK4114_CONTROLS];
struct snd_pcm_substream *playback_substream; struct snd_pcm_substream *playback_substream;
@ -189,7 +189,7 @@ struct ak4114 {
int snd_ak4114_create(struct snd_card *card, int snd_ak4114_create(struct snd_card *card,
ak4114_read_t *read, ak4114_write_t *write, ak4114_read_t *read, ak4114_write_t *write,
const unsigned char pgm[7], const unsigned char txcsb[5], const unsigned char pgm[6], const unsigned char txcsb[5],
void *private_data, struct ak4114 **r_ak4114); void *private_data, struct ak4114 **r_ak4114);
void snd_ak4114_reg_write(struct ak4114 *ak4114, unsigned char reg, unsigned char mask, unsigned char val); void snd_ak4114_reg_write(struct ak4114 *ak4114, unsigned char reg, unsigned char mask, unsigned char val);
void snd_ak4114_reinit(struct ak4114 *ak4114); void snd_ak4114_reinit(struct ak4114 *ak4114);

View File

@ -60,7 +60,7 @@ static void reg_dump(struct ak4114 *ak4114)
printk(KERN_DEBUG "AK4114 REG DUMP:\n"); printk(KERN_DEBUG "AK4114 REG DUMP:\n");
for (i = 0; i < 0x20; i++) for (i = 0; i < 0x20; i++)
printk(KERN_DEBUG "reg[%02x] = %02x (%02x)\n", i, reg_read(ak4114, i), i < sizeof(ak4114->regmap) ? ak4114->regmap[i] : 0); printk(KERN_DEBUG "reg[%02x] = %02x (%02x)\n", i, reg_read(ak4114, i), i < ARRAY_SIZE(ak4114->regmap) ? ak4114->regmap[i] : 0);
} }
#endif #endif
@ -81,7 +81,7 @@ static int snd_ak4114_dev_free(struct snd_device *device)
int snd_ak4114_create(struct snd_card *card, int snd_ak4114_create(struct snd_card *card,
ak4114_read_t *read, ak4114_write_t *write, ak4114_read_t *read, ak4114_write_t *write,
const unsigned char pgm[7], const unsigned char txcsb[5], const unsigned char pgm[6], const unsigned char txcsb[5],
void *private_data, struct ak4114 **r_ak4114) void *private_data, struct ak4114 **r_ak4114)
{ {
struct ak4114 *chip; struct ak4114 *chip;
@ -101,7 +101,7 @@ int snd_ak4114_create(struct snd_card *card,
chip->private_data = private_data; chip->private_data = private_data;
INIT_DELAYED_WORK(&chip->work, ak4114_stats); INIT_DELAYED_WORK(&chip->work, ak4114_stats);
for (reg = 0; reg < 7; reg++) for (reg = 0; reg < 6; reg++)
chip->regmap[reg] = pgm[reg]; chip->regmap[reg] = pgm[reg];
for (reg = 0; reg < 5; reg++) for (reg = 0; reg < 5; reg++)
chip->txcsb[reg] = txcsb[reg]; chip->txcsb[reg] = txcsb[reg];
@ -142,7 +142,7 @@ static void ak4114_init_regs(struct ak4114 *chip)
/* release reset, but leave powerdown */ /* release reset, but leave powerdown */
reg_write(chip, AK4114_REG_PWRDN, (old | AK4114_RST) & ~AK4114_PWN); reg_write(chip, AK4114_REG_PWRDN, (old | AK4114_RST) & ~AK4114_PWN);
udelay(200); udelay(200);
for (reg = 1; reg < 7; reg++) for (reg = 1; reg < 6; reg++)
reg_write(chip, reg, chip->regmap[reg]); reg_write(chip, reg, chip->regmap[reg]);
for (reg = 0; reg < 5; reg++) for (reg = 0; reg < 5; reg++)
reg_write(chip, reg + AK4114_REG_TXCSB0, chip->txcsb[reg]); reg_write(chip, reg + AK4114_REG_TXCSB0, chip->txcsb[reg]);